Angelo Veltens wrote:
Hi all,
my name is Angelo Veltens, I'm studying computer science in Germany. I
am using the Jena framework with SDB for a student research project.
I'm just wondering how to prevent SPARQL injections. It seems to me
that I have to build my queries from plain strings and do the sanitizing
on my own. Isn't there something like prepared statements as in
SQL/JDBC? This would be less risky.
Kind regards,
Angelo Veltens
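An added example, not code from either message in this thread, showing the prepared-statement style Angelo asks about: the string-concatenated query beside one built with Apache Jena ARQ's ParameterizedSparqlString (a class that arrived in ARQ releases after this thread; the example assumes a recent Jena ARQ jar on the classpath).

```java
import org.apache.jena.query.ParameterizedSparqlString;
import org.apache.jena.query.Query;
import org.apache.jena.query.QueryFactory;

// Added example (not from the thread). Assumes Apache Jena ARQ is on the
// classpath; ParameterizedSparqlString is ARQ's answer to "prepared statements".
public class SparqlParamDemo {
    static final String PREFIX = "PREFIX foaf: <http://xmlns.com/foaf/0.1/>\n";

    // Vulnerable form: untrusted text is spliced straight into the query text,
    // so a quote character in the input ends the literal early.
    static Query unsafeByName(String name) {
        return QueryFactory.create(PREFIX
            + "SELECT ?p WHERE { ?p foaf:name \"" + name + "\" }");
    }

    // Hardened form: the template keeps a variable (?name) and the value is
    // bound as a literal; the library serialises it with quotes, backslashes
    // and newlines escaped, so the input can only ever be one string literal.
    static Query safeByName(String name) {
        ParameterizedSparqlString pss = new ParameterizedSparqlString(
            PREFIX + "SELECT ?p WHERE { ?p foaf:name ?name }");
        pss.setLiteral("name", name);
        return pss.asQuery();   // substitutes and parses the final query
    }

    public static void main(String[] args) {
        // Constructed input: a legitimate name followed by a stray quote, the
        // character that breaks out of the literal in the concatenated form.
        String input = "Alice\" . ?p ?anyProperty ?anyValue . FILTER(\"x\" = \"x";

        // Parses successfully, but now matches every triple of ?p: the
        // structure of the query was changed by the data.
        System.out.println(unsafeByName(input));

        // Still a single triple pattern; the whole input is one escaped literal.
        System.out.println(safeByName(input));
    }
}
```

Compare the two printed queries: the first contains a second triple pattern and a FILTER that did not exist in the template, the second does not.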
The server should have the ability to control who can do what with SPARQL.
If you put SPARQL endpoints behind FOAF+SSL (for instance) and also use
ACLs at the Graph IRI level, the vulnerability is blocked (bar stealing
your machine and locating your private key).
--
Regards,
Kingsley Idehen
President & CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen